From aad39024b95692e7da7ecb962b3e47136336aa6b Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Wed, 5 Aug 2020 15:00:39 -0400
Subject: [PATCH] mitigate a potential DoS against websocket listeners

Websocket listeners would process an arbitrary number of invalid (non-text or blank) messages without throttling. This imposes fakelag on such messages by treating them as blank lines.
---
 irc/ircconn.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/irc/ircconn.go b/irc/ircconn.go
index c0ffb948..903c5261 100644
--- a/irc/ircconn.go
+++ b/irc/ircconn.go
@@ -124,16 +124,18 @@ func (wc IRCWSConn) WriteLines(buffers [][]byte) (err error) {
 }
 
 func (wc IRCWSConn) ReadLine() (line []byte, err error) {
- for {
- var messageType int
- messageType, line, err = wc.conn.ReadMessage()
- // on empty message or non-text message, try again, block if necessary
- if err != nil || (messageType == websocket.TextMessage && len(line) != 0) {
- if err == websocket.ErrReadLimit {
- err = errReadQ
- }
- return
+ messageType, line, err := wc.conn.ReadMessage()
+ if err == nil {
+ if messageType == websocket.TextMessage {
+ return line, nil
+ } else {
+ // for purposes of fakelag, treat non-text message as an empty line
+ return nil, nil
 }
+ } else if err == websocket.ErrReadLimit {
+ return line, errReadQ
+ } else {
+ return line, err
 }
 }
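Review bot: The throttling this patch depends on is not enforced or documented in ReadLine itself: the `return nil, nil` branch for non-text frames, and `return line, nil` for an empty text frame, only slow a client down if every caller charges fakelag for an empty line, and that caller code is outside this hunk. I would put the contract on the method, for example `// ReadLine returns one websocket message per call; a nil or empty line with a nil error is an invalid or blank frame that the caller must count against fakelag.` A regression test that feeds a run of binary and empty frames and asserts the rate limiter is charged for each would keep a later refactor from reintroducing the unthrottled loop. As a smaller style point, every branch returns, so the `else` arms can be flattened into guard clauses.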